Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

We have copied all the data files to an external hard drive. We are unable to download combofix because it locks up when it is not in safemode. Should our next step be to reformat the hard drive? Thank you for your help!

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

Double click combofix.exe & follow the prompts.

When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log

Re-enable all the programs that were disabled during the running of ComboFix..

Note:Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.ComboFix SHOULD NOT be used unless requested by a forum helper

It's not allowing us to download anything. When we click on the 1st and 3rd combofix links a box pops up that says: Security Alert- Yellow triangle w/! inside Your current security settings do not allow this file to be downloaded.

The 2nd combofix link does open but opens a site that is in spanish.

How do we change the security settings to download a file? We think its from the virus. Our privacy settings are set at medium and we have unblocked popups. It will not let us lower our security level zone below medium. We made sure it is enabled to download files under the security tab. Restricted sites is on high but it won't let me change that.

I can't open combofix on this computer b/c it's my husbands work computer. Thank you!

Last edited by julie0527 on January 6th, 2008, 6:39 pm, edited 1 time in total.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

Warning! The scan detected a virus that is active in your computer's memory. The scan ended to prevent further infection.

You should shut down your computer immediately and restart it with an antivirus rescue disk or similar tool.

No viruses were detected in memory.

Your computer is infected with at least one known virus or Trojan horse.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

No viruses were detected in memory.

Your computer is infected with at least one known virus or Trojan horse.

Note: The scan was cancelled before finishing. There may be more infected files on this computer.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

A scan has not been run. To start Virus Detection, click here.

C:\WINDOWS\SYSTEM32\A3.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\ACYPKEDR.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\ADSLD.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\ADSN.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\ADSND.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\AFOMBYLE.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\AJBYUCSE.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\AJIUWTMN.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\AJTIWBS.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\ATMLI.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\AVICA.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\AVXBRJNI.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\BDIIORD.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\BHOFTBUH.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\BIBHCVNO.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\BJKHTVUC.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\BKLULAXK.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\BKWJAPFF.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\BPDEIPGF.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\bpggtluh.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\BQTFEVKR.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\BRNOVEUJ.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\BROMXHIC.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\BROWSE.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\BTHC.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\BTYYBVYB.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\CGCQUJRC.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\CKMADMLD.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\CKSRSCET.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\CMCFG3.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\CNJYRCNY.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\CNMLM6.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\CONSOL.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\CPEYEAJ.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\cqowstgh.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\CTDPROX.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\CTMEDEN.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\CTOSUSE.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\cvufvasj.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\D3D8TH.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\D3DR.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\d3dx9_2.11 is infected with SecurityRisk.Downldr C:\WINDOWS\SYSTEM32\d3dx9_2.dll is infected with Trojan Horse C:\WINDOWS\SYSTEM32\DAKJTQGF.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\DBGHEL.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\DCEIDMCW.0LL is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\DDIIPAPX.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\DEDICWIG.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\DFFJXHCE.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\DGTMPRNV.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\DHBAJFIB.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\DHULRBCM.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\DLPWEXAO.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\DMFPNTMX.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\DMTUIKYL.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\DNBOUAXO.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\DNLHGALH.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\DNPFDPBJ.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\DPCUETXY.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\DQHPUYDB.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\DUTFJJKX.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\DYOFSJST.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\EACKWXQR.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\EFAUGRXJ.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\EJOHYADK.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\EMGWTKVC.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\enpvread.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\EQXYAKSX.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\EWDNECWI.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\FBUPQUET.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\FIMILHLD.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\FKCTXGEK.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\FMVPHYFU.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\FNPXBDPA.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\FOXDOGLE.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\fybopbkg.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\GBXQVOJQ.0LL is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\GLFXVOSQ.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\GTFQLXOR.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\GWSOSXSW.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\GXINAMPX.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\hamjmuqg.dll is infected with Trojan.Zlob C:\WINDOWS\SYSTEM32\HBGEAOMD.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\HCVESQER.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\HEHGIKHC.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\HNIQOLHK.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\HNNVQCKV.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\HRQLEYUK.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\ILGDQHQY.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\IMSXTBHK.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\INYVEDJP.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\JAHNYAYL.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\JAYACIGU.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\JCPBXLMI.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\JGMRJHUU.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\JKDYERWL.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\JNWXRCWX.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\JQWEEVYN.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\KBCRYHBW.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\KCJWGBXU.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\KCYDIGLT.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\KOSNSXMN.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\KPNFOSUI.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\kskfhhqg.dll is infected with Trojan.Zlob C:\WINDOWS\SYSTEM32\KSMRHCTD.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\KVGCXOJD.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\LESMTRQS.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\LFOOGUNF.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\LGUOEOUN.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\LJOWSFHG.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\lxjygbrm.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\MHKYHRPU.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\MMWDNKFQ.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\MSXJVBTE.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\muxgcjtq.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\NEVRRUHG.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\NIUOGRKJ.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\NMJDNTXN.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\NOYKBQWP.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\NPSPFJDU.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\NQDMVTVS.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\NREETITT.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\NSUEIQAS.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\OIPBOVQK.0LL is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\ORRABPCF.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\ORVMPEHP.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\OVWGTQAT.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\PEITOHKX.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\PFORILOC.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\PGCNCGOK.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\PGINAADV.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\PHCIMYRD.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\PKFMJUOG.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\PMBBAREW.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\PQBMXQQL.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\PUEWBBOL.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\PURYUKWD.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\PXEVUDRO.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\PXUWFAKR.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\QBQMVUWQ.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\QJGDBASM.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\QLRCLLGW.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\QNPECMLR.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\QNPGUBIA.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\QOWTAOGV.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\QPTREWHG.0LL is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\qrwksbpe.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\QURYURYQ.0LL is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\QVNWEJXV.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\QXCBPWWX.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\RBRNIOOW.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\rcvwvtrr.dll is infected with Trojan.Zlob C:\WINDOWS\SYSTEM32\RFSGHWCW.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\RJJYMAXI.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\RMODASBH.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\rowthwjg.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\RQENJDLK.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\rtmcvrgk.dll is infected with Trojan.Zlob C:\WINDOWS\SYSTEM32\RXDIITCD.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\RYJGFCTV.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\SCUWVDLY.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\SEGPWGIO.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\SHAQSUWK.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\STUMYUQT.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\SXSUDHUF.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\TAAWFBRD.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\TBQTEDDL.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\TCHWUPXA.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\TDLGOLSN.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\TIGNLUVJ.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\TKKILDIS.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\TNXQEYHP.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\TQCELJBC.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\TTFJHROT.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\TWGNGGTC.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\TWTPLUDA.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\UAJUWBSA.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\UASXVWWT.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\ubhpwagt.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\UCKXROGC.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\UDDWHLXY.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\UFSJARYY.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\UQSHQMPJ.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\USCCFQNV.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\UTVQRRSG.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\vbrjhsob.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\VCJUKORQ.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\VCNAUGDW.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\VCOGHMJC.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\voospell.dll is infected with Trojan.Zlob C:\WINDOWS\SYSTEM32\vymjcoil.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\WCVRLIQJ.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\WDIFRVFG.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\WHLDMHBT.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\WHLXWSEL.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\WLQFHNAP.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\WPFLHIDE.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\WQJJPCYG.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\WRWLXCYP.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\WVJHFNAX.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\WYLJVQIW.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\XASMIEXP.0LL is infected with Trojan Horse C:\WINDOWS\SYSTEM32\XDUQCJKG.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\xlfmkhfl.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\XOLJOLQA.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\xtbndrad.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\XXJMVATI.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\YASLXQLF.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\YCWXIGIX.0LL is infected with Downloader C:\WINDOWS\SYSTEM32\YFACCNNA.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\YFWSFVFL.0XE is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\ygdwdlqe.dll is infected with Trojan.Vundo C:\WINDOWS\SYSTEM32\YPOGGOTH.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\YRAWEMXB.0XE is infected with Downloader C:\WINDOWS\SYSTEM32\DRIVERS\HMEEWWYK.0YS is infected with Trojan Horse C:\WINDOWS\SYSTEM32\DRIVERS\vidid35x9.sys is infected with Spyware.Apropos.C C:\WINDOWS\Downloaded Program Files\MiniInstaller.exe is infected with Backdoor.Formador C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_0001_N122M2210NetInstaller.exe is infected with Downloader.MisleadApp C:\Program Files\Imastant\npf.sys is infected with Spyware.Apropos.C

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Please try to boot normally and see if you can access the internet properly now.

Symantec just scanned. We used it since we couldn't download hijackthis.

I tried twice to start in normal mode and both times it had the flashing lines, screen flashed black several times, and it locked up. The 1st time after I opened Internet Explorer and the 2nd time before.

Forgot to mention earlier that in safe mode it also takes 2 or 3 tries to get IE to open properly.

These tools are safe to download and transfer to the infected PC, they will not run automatically.Since you will have to transfer some programs over, I have attached a file to this post.Just open the zip file and use the contents of the text file inside with OTMoveIt where instructed.

While you are downloading files and transfering, please download a fresh copy of ComboFix as it has been updated.Just delete the Combofix.exe that you already have.You do not need to run it yet, I am just trying to save you time transferring things

Transfer all 4 files to the infected PC=========================================================================================

On the infected PC......

OTMoveIt

Please double-click OTMoveIt.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

Contents of the Text file

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

Copy and paste the contents of the results box as a reply to this topic

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :C:\\_OTMoveIt\\MovedFiles\\********_******.log(where "********_******" is the "date_time")

SD FixDouble click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;

Instead of Windows loading as normal, the Advanced Options Menu should appear;

Select the first option, to run Windows in Safe Mode, then press Enter.

Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

Press any Key and it will restart the PC.

When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

You do not have the required permissions to view the files attached to this post.

C:\WINDOWS\SYSTEM32\A3.0LL moved successfully.C:\WINDOWS\SYSTEM32\ACYPKEDR.0LL moved successfully.C:\WINDOWS\SYSTEM32\ADSLD.0LL moved successfully.C:\WINDOWS\SYSTEM32\ADSN.0LL moved successfully.C:\WINDOWS\SYSTEM32\ADSND.0LL moved successfully.C:\WINDOWS\SYSTEM32\AFOMBYLE.0XE moved successfully.C:\WINDOWS\SYSTEM32\AJBYUCSE.0LL moved successfully.C:\WINDOWS\SYSTEM32\AJIUWTMN.0XE moved successfully.C:\WINDOWS\SYSTEM32\AJTIWBS.0LL moved successfully.C:\WINDOWS\SYSTEM32\ATMLI.0LL moved successfully.C:\WINDOWS\SYSTEM32\AVICA.0LL moved successfully.C:\WINDOWS\SYSTEM32\AVXBRJNI.0XE moved successfully.C:\WINDOWS\SYSTEM32\BDIIORD.0LL moved successfully.C:\WINDOWS\SYSTEM32\BHOFTBUH.0XE moved successfully.C:\WINDOWS\SYSTEM32\BIBHCVNO.0XE moved successfully.C:\WINDOWS\SYSTEM32\BJKHTVUC.0XE moved successfully.C:\WINDOWS\SYSTEM32\BKLULAXK.0XE moved successfully.C:\WINDOWS\SYSTEM32\BKWJAPFF.0XE moved successfully.C:\WINDOWS\SYSTEM32\BPDEIPGF.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\bpggtluh.dllC:\WINDOWS\SYSTEM32\bpggtluh.dll NOT unregistered.C:\WINDOWS\SYSTEM32\bpggtluh.dll moved successfully.C:\WINDOWS\SYSTEM32\BQTFEVKR.0XE moved successfully.C:\WINDOWS\SYSTEM32\BRNOVEUJ.0XE moved successfully.C:\WINDOWS\SYSTEM32\BROMXHIC.0XE moved successfully.C:\WINDOWS\SYSTEM32\BROWSE.0LL moved successfully.C:\WINDOWS\SYSTEM32\BTHC.0LL moved successfully.C:\WINDOWS\SYSTEM32\BTYYBVYB.0LL moved successfully.C:\WINDOWS\SYSTEM32\CGCQUJRC.0LL moved successfully.C:\WINDOWS\SYSTEM32\CKMADMLD.0XE moved successfully.C:\WINDOWS\SYSTEM32\CKSRSCET.0XE moved successfully.C:\WINDOWS\SYSTEM32\CMCFG3.0LL moved successfully.C:\WINDOWS\SYSTEM32\CNJYRCNY.0XE moved successfully.C:\WINDOWS\SYSTEM32\CNMLM6.0LL moved successfully.C:\WINDOWS\SYSTEM32\CONSOL.0LL moved successfully.C:\WINDOWS\SYSTEM32\CPEYEAJ.0LL moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\cqowstgh.dllC:\WINDOWS\SYSTEM32\cqowstgh.dll NOT unregistered.C:\WINDOWS\SYSTEM32\cqowstgh.dll moved successfully.C:\WINDOWS\SYSTEM32\CTDPROX.0LL moved successfully.C:\WINDOWS\SYSTEM32\CTMEDEN.0LL moved successfully.C:\WINDOWS\SYSTEM32\CTOSUSE.0LL moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\cvufvasj.dllC:\WINDOWS\SYSTEM32\cvufvasj.dll NOT unregistered.C:\WINDOWS\SYSTEM32\cvufvasj.dll moved successfully.C:\WINDOWS\SYSTEM32\D3D8TH.0LL moved successfully.C:\WINDOWS\SYSTEM32\D3DR.0LL moved successfully.C:\WINDOWS\SYSTEM32\d3dx9_2.11 moved successfully.File/Folder C:\WINDOWS\SYSTEM32\d3dx9_2.dll not found.C:\WINDOWS\SYSTEM32\DAKJTQGF.0LL moved successfully.C:\WINDOWS\SYSTEM32\DBGHEL.0LL moved successfully.C:\WINDOWS\SYSTEM32\DCEIDMCW.0LL moved successfully.C:\WINDOWS\SYSTEM32\DDIIPAPX.0LL moved successfully.C:\WINDOWS\SYSTEM32\DEDICWIG.0LL moved successfully.C:\WINDOWS\SYSTEM32\DFFJXHCE.0XE moved successfully.C:\WINDOWS\SYSTEM32\DGTMPRNV.0XE moved successfully.C:\WINDOWS\SYSTEM32\DHBAJFIB.0XE moved successfully.C:\WINDOWS\SYSTEM32\DHULRBCM.0XE moved successfully.C:\WINDOWS\SYSTEM32\DLPWEXAO.0XE moved successfully.C:\WINDOWS\SYSTEM32\DMFPNTMX.0XE moved successfully.C:\WINDOWS\SYSTEM32\DMTUIKYL.0XE moved successfully.C:\WINDOWS\SYSTEM32\DNBOUAXO.0XE moved successfully.C:\WINDOWS\SYSTEM32\DNLHGALH.0XE moved successfully.C:\WINDOWS\SYSTEM32\DNPFDPBJ.0XE moved successfully.C:\WINDOWS\SYSTEM32\DPCUETXY.0LL moved successfully.C:\WINDOWS\SYSTEM32\DQHPUYDB.0LL moved successfully.C:\WINDOWS\SYSTEM32\DUTFJJKX.0XE moved successfully.C:\WINDOWS\SYSTEM32\DYOFSJST.0LL moved successfully.C:\WINDOWS\SYSTEM32\EACKWXQR.0XE moved successfully.C:\WINDOWS\SYSTEM32\EFAUGRXJ.0XE moved successfully.C:\WINDOWS\SYSTEM32\EJOHYADK.0LL moved successfully.C:\WINDOWS\SYSTEM32\EMGWTKVC.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\enpvread.dllC:\WINDOWS\SYSTEM32\enpvread.dll NOT unregistered.C:\WINDOWS\SYSTEM32\enpvread.dll moved successfully.C:\WINDOWS\SYSTEM32\EQXYAKSX.0LL moved successfully.C:\WINDOWS\SYSTEM32\EWDNECWI.0XE moved successfully.C:\WINDOWS\SYSTEM32\FBUPQUET.0XE moved successfully.C:\WINDOWS\SYSTEM32\FIMILHLD.0XE moved successfully.C:\WINDOWS\SYSTEM32\FKCTXGEK.0XE moved successfully.C:\WINDOWS\SYSTEM32\FMVPHYFU.0LL moved successfully.C:\WINDOWS\SYSTEM32\FNPXBDPA.0XE moved successfully.C:\WINDOWS\SYSTEM32\FOXDOGLE.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\fybopbkg.dllC:\WINDOWS\SYSTEM32\fybopbkg.dll NOT unregistered.C:\WINDOWS\SYSTEM32\fybopbkg.dll moved successfully.C:\WINDOWS\SYSTEM32\GBXQVOJQ.0LL moved successfully.C:\WINDOWS\SYSTEM32\GLFXVOSQ.0XE moved successfully.C:\WINDOWS\SYSTEM32\GTFQLXOR.0XE moved successfully.C:\WINDOWS\SYSTEM32\GWSOSXSW.0XE moved successfully.C:\WINDOWS\SYSTEM32\GXINAMPX.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\hamjmuqg.dllC:\WINDOWS\SYSTEM32\hamjmuqg.dll NOT unregistered.C:\WINDOWS\SYSTEM32\hamjmuqg.dll moved successfully.C:\WINDOWS\SYSTEM32\HBGEAOMD.0XE moved successfully.C:\WINDOWS\SYSTEM32\HCVESQER.0XE moved successfully.C:\WINDOWS\SYSTEM32\HEHGIKHC.0XE moved successfully.C:\WINDOWS\SYSTEM32\HNIQOLHK.0LL moved successfully.C:\WINDOWS\SYSTEM32\HNNVQCKV.0XE moved successfully.C:\WINDOWS\SYSTEM32\HRQLEYUK.0XE moved successfully.C:\WINDOWS\SYSTEM32\ILGDQHQY.0XE moved successfully.C:\WINDOWS\SYSTEM32\IMSXTBHK.0LL moved successfully.C:\WINDOWS\SYSTEM32\INYVEDJP.0XE moved successfully.C:\WINDOWS\SYSTEM32\JAHNYAYL.0XE moved successfully.C:\WINDOWS\SYSTEM32\JAYACIGU.0XE moved successfully.C:\WINDOWS\SYSTEM32\JCPBXLMI.0XE moved successfully.C:\WINDOWS\SYSTEM32\JGMRJHUU.0XE moved successfully.C:\WINDOWS\SYSTEM32\JKDYERWL.0LL moved successfully.C:\WINDOWS\SYSTEM32\JNWXRCWX.0LL moved successfully.C:\WINDOWS\SYSTEM32\JQWEEVYN.0LL moved successfully.C:\WINDOWS\SYSTEM32\KBCRYHBW.0XE moved successfully.C:\WINDOWS\SYSTEM32\KCJWGBXU.0XE moved successfully.C:\WINDOWS\SYSTEM32\KCYDIGLT.0XE moved successfully.C:\WINDOWS\SYSTEM32\KOSNSXMN.0XE moved successfully.C:\WINDOWS\SYSTEM32\KPNFOSUI.0LL moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\kskfhhqg.dllC:\WINDOWS\SYSTEM32\kskfhhqg.dll NOT unregistered.C:\WINDOWS\SYSTEM32\kskfhhqg.dll moved successfully.C:\WINDOWS\SYSTEM32\KSMRHCTD.0XE moved successfully.C:\WINDOWS\SYSTEM32\KVGCXOJD.0XE moved successfully.C:\WINDOWS\SYSTEM32\LESMTRQS.0LL moved successfully.C:\WINDOWS\SYSTEM32\LFOOGUNF.0XE moved successfully.C:\WINDOWS\SYSTEM32\LGUOEOUN.0XE moved successfully.C:\WINDOWS\SYSTEM32\LJOWSFHG.0LL moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\lxjygbrm.dllC:\WINDOWS\SYSTEM32\lxjygbrm.dll NOT unregistered.C:\WINDOWS\SYSTEM32\lxjygbrm.dll moved successfully.C:\WINDOWS\SYSTEM32\MHKYHRPU.0XE moved successfully.C:\WINDOWS\SYSTEM32\MMWDNKFQ.0XE moved successfully.C:\WINDOWS\SYSTEM32\MSXJVBTE.0LL moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\muxgcjtq.dllC:\WINDOWS\SYSTEM32\muxgcjtq.dll NOT unregistered.C:\WINDOWS\SYSTEM32\muxgcjtq.dll moved successfully.C:\WINDOWS\SYSTEM32\NEVRRUHG.0XE moved successfully.C:\WINDOWS\SYSTEM32\NIUOGRKJ.0XE moved successfully.C:\WINDOWS\SYSTEM32\NMJDNTXN.0LL moved successfully.C:\WINDOWS\SYSTEM32\NOYKBQWP.0XE moved successfully.C:\WINDOWS\SYSTEM32\NPSPFJDU.0XE moved successfully.C:\WINDOWS\SYSTEM32\NQDMVTVS.0XE moved successfully.C:\WINDOWS\SYSTEM32\NREETITT.0XE moved successfully.C:\WINDOWS\SYSTEM32\NSUEIQAS.0XE moved successfully.C:\WINDOWS\SYSTEM32\OIPBOVQK.0LL moved successfully.C:\WINDOWS\SYSTEM32\ORRABPCF.0LL moved successfully.C:\WINDOWS\SYSTEM32\ORVMPEHP.0XE moved successfully.C:\WINDOWS\SYSTEM32\OVWGTQAT.0LL moved successfully.C:\WINDOWS\SYSTEM32\PEITOHKX.0LL moved successfully.C:\WINDOWS\SYSTEM32\PFORILOC.0XE moved successfully.C:\WINDOWS\SYSTEM32\PGCNCGOK.0XE moved successfully.C:\WINDOWS\SYSTEM32\PGINAADV.0XE moved successfully.C:\WINDOWS\SYSTEM32\PHCIMYRD.0LL moved successfully.C:\WINDOWS\SYSTEM32\PKFMJUOG.0XE moved successfully.C:\WINDOWS\SYSTEM32\PMBBAREW.0XE moved successfully.C:\WINDOWS\SYSTEM32\PQBMXQQL.0LL moved successfully.C:\WINDOWS\SYSTEM32\PUEWBBOL.0XE moved successfully.C:\WINDOWS\SYSTEM32\PURYUKWD.0XE moved successfully.C:\WINDOWS\SYSTEM32\PXEVUDRO.0XE moved successfully.C:\WINDOWS\SYSTEM32\PXUWFAKR.0XE moved successfully.C:\WINDOWS\SYSTEM32\QBQMVUWQ.0XE moved successfully.C:\WINDOWS\SYSTEM32\QJGDBASM.0XE moved successfully.C:\WINDOWS\SYSTEM32\QLRCLLGW.0XE moved successfully.C:\WINDOWS\SYSTEM32\QNPECMLR.0XE moved successfully.C:\WINDOWS\SYSTEM32\QNPGUBIA.0XE moved successfully.C:\WINDOWS\SYSTEM32\QOWTAOGV.0XE moved successfully.C:\WINDOWS\SYSTEM32\QPTREWHG.0LL moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\qrwksbpe.dllC:\WINDOWS\SYSTEM32\qrwksbpe.dll NOT unregistered.C:\WINDOWS\SYSTEM32\qrwksbpe.dll moved successfully.C:\WINDOWS\SYSTEM32\QURYURYQ.0LL moved successfully.C:\WINDOWS\SYSTEM32\QVNWEJXV.0XE moved successfully.C:\WINDOWS\SYSTEM32\QXCBPWWX.0XE moved successfully.C:\WINDOWS\SYSTEM32\RBRNIOOW.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\rcvwvtrr.dllC:\WINDOWS\SYSTEM32\rcvwvtrr.dll NOT unregistered.C:\WINDOWS\SYSTEM32\rcvwvtrr.dll moved successfully.C:\WINDOWS\SYSTEM32\RFSGHWCW.0LL moved successfully.C:\WINDOWS\SYSTEM32\RJJYMAXI.0XE moved successfully.C:\WINDOWS\SYSTEM32\RMODASBH.0LL moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\rowthwjg.dllC:\WINDOWS\SYSTEM32\rowthwjg.dll NOT unregistered.C:\WINDOWS\SYSTEM32\rowthwjg.dll moved successfully.C:\WINDOWS\SYSTEM32\RQENJDLK.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\rtmcvrgk.dllC:\WINDOWS\SYSTEM32\rtmcvrgk.dll NOT unregistered.C:\WINDOWS\SYSTEM32\rtmcvrgk.dll moved successfully.C:\WINDOWS\SYSTEM32\RXDIITCD.0XE moved successfully.C:\WINDOWS\SYSTEM32\RYJGFCTV.0XE moved successfully.C:\WINDOWS\SYSTEM32\SCUWVDLY.0XE moved successfully.C:\WINDOWS\SYSTEM32\SEGPWGIO.0XE moved successfully.C:\WINDOWS\SYSTEM32\SHAQSUWK.0LL moved successfully.C:\WINDOWS\SYSTEM32\STUMYUQT.0LL moved successfully.C:\WINDOWS\SYSTEM32\SXSUDHUF.0XE moved successfully.C:\WINDOWS\SYSTEM32\TAAWFBRD.0XE moved successfully.C:\WINDOWS\SYSTEM32\TBQTEDDL.0XE moved successfully.C:\WINDOWS\SYSTEM32\TCHWUPXA.0XE moved successfully.C:\WINDOWS\SYSTEM32\TDLGOLSN.0XE moved successfully.C:\WINDOWS\SYSTEM32\TIGNLUVJ.0XE moved successfully.C:\WINDOWS\SYSTEM32\TKKILDIS.0XE moved successfully.C:\WINDOWS\SYSTEM32\TNXQEYHP.0XE moved successfully.C:\WINDOWS\SYSTEM32\TQCELJBC.0XE moved successfully.C:\WINDOWS\SYSTEM32\TTFJHROT.0XE moved successfully.C:\WINDOWS\SYSTEM32\TWGNGGTC.0XE moved successfully.C:\WINDOWS\SYSTEM32\TWTPLUDA.0XE moved successfully.C:\WINDOWS\SYSTEM32\UAJUWBSA.0LL moved successfully.C:\WINDOWS\SYSTEM32\UASXVWWT.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ubhpwagt.dllC:\WINDOWS\SYSTEM32\ubhpwagt.dll NOT unregistered.C:\WINDOWS\SYSTEM32\ubhpwagt.dll moved successfully.C:\WINDOWS\SYSTEM32\UCKXROGC.0XE moved successfully.C:\WINDOWS\SYSTEM32\UDDWHLXY.0XE moved successfully.C:\WINDOWS\SYSTEM32\UFSJARYY.0XE moved successfully.C:\WINDOWS\SYSTEM32\UQSHQMPJ.0XE moved successfully.C:\WINDOWS\SYSTEM32\USCCFQNV.0XE moved successfully.C:\WINDOWS\SYSTEM32\UTVQRRSG.0LL moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\vbrjhsob.dllC:\WINDOWS\SYSTEM32\vbrjhsob.dll NOT unregistered.C:\WINDOWS\SYSTEM32\vbrjhsob.dll moved successfully.C:\WINDOWS\SYSTEM32\VCJUKORQ.0LL moved successfully.C:\WINDOWS\SYSTEM32\VCNAUGDW.0XE moved successfully.C:\WINDOWS\SYSTEM32\VCOGHMJC.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\voospell.dllC:\WINDOWS\SYSTEM32\voospell.dll NOT unregistered.C:\WINDOWS\SYSTEM32\voospell.dll moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\vymjcoil.dllC:\WINDOWS\SYSTEM32\vymjcoil.dll NOT unregistered.C:\WINDOWS\SYSTEM32\vymjcoil.dll moved successfully.C:\WINDOWS\SYSTEM32\WCVRLIQJ.0LL moved successfully.C:\WINDOWS\SYSTEM32\WDIFRVFG.0XE moved successfully.C:\WINDOWS\SYSTEM32\WHLDMHBT.0XE moved successfully.C:\WINDOWS\SYSTEM32\WHLXWSEL.0XE moved successfully.C:\WINDOWS\SYSTEM32\WLQFHNAP.0XE moved successfully.C:\WINDOWS\SYSTEM32\WPFLHIDE.0XE moved successfully.C:\WINDOWS\SYSTEM32\WQJJPCYG.0XE moved successfully.C:\WINDOWS\SYSTEM32\WRWLXCYP.0XE moved successfully.C:\WINDOWS\SYSTEM32\WVJHFNAX.0XE moved successfully.C:\WINDOWS\SYSTEM32\WYLJVQIW.0LL moved successfully.C:\WINDOWS\SYSTEM32\XASMIEXP.0LL moved successfully.C:\WINDOWS\SYSTEM32\XDUQCJKG.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\xlfmkhfl.dllC:\WINDOWS\SYSTEM32\xlfmkhfl.dll NOT unregistered.C:\WINDOWS\SYSTEM32\xlfmkhfl.dll moved successfully.C:\WINDOWS\SYSTEM32\XOLJOLQA.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\xtbndrad.dllC:\WINDOWS\SYSTEM32\xtbndrad.dll NOT unregistered.C:\WINDOWS\SYSTEM32\xtbndrad.dll moved successfully.C:\WINDOWS\SYSTEM32\XXJMVATI.0XE moved successfully.C:\WINDOWS\SYSTEM32\YASLXQLF.0XE moved successfully.C:\WINDOWS\SYSTEM32\YCWXIGIX.0LL moved successfully.C:\WINDOWS\SYSTEM32\YFACCNNA.0XE moved successfully.C:\WINDOWS\SYSTEM32\YFWSFVFL.0XE moved successfully.DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ygdwdlqe.dllC:\WINDOWS\SYSTEM32\ygdwdlqe.dll NOT unregistered.C:\WINDOWS\SYSTEM32\ygdwdlqe.dll moved successfully.C:\WINDOWS\SYSTEM32\YPOGGOTH.0XE moved successfully.C:\WINDOWS\SYSTEM32\YRAWEMXB.0XE moved successfully.C:\WINDOWS\SYSTEM32\DRIVERS\HMEEWWYK.0YS moved successfully.C:\WINDOWS\SYSTEM32\DRIVERS\vidid35x9.sys moved successfully.C:\WINDOWS\Downloaded Program Files\MiniInstaller.exe moved successfully.C:\WINDOWS\Downloaded Program Files\CONFLICT.1 moved successfully.C:\Program Files\Imastant moved successfully.

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.